Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as Connection or (2) invalid parameters whose values are echoed in the resulting error message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
W3who.dll | Microsoft | * | * |